August 26, 2023
At a recent CIONet event in Zurich, I once again had the opportunity to participate in an evening of insightful conversations with some of the city’s senior IT and business leaders. The focus of this particular evening was to identify the biggest security challenges of the day. Those in attendance represented organizations from financial services to utilities and transportation companies. Not surprisingly, the responses they offered fell into three categories: data protection, people, and business continuity.
With respect to data, the prime issue, according to the assembled, is to keep it safe, preserve its quality and be prepared to make it readily available in the aftermath of an attack. On the topic of people, it has to do with creating the proper mindset and culture: making the people who matter aware of the risks and perils of a likely ransomware attack. With respect to business continuity, the issue is about striking a balance between the ongoing running of the business and delivering effective security. As one delegate pointed out, there is a natural tension between the two. Security practitioners are often expected to solve security concerns ‘in flight’ because the business cannot afford to pause key operations.
These three themes fueled new insights and debate throughout the evening, one in which attendees considered the best approaches to ransomware readiness and resilience.
Perhaps one of the most interesting insights that emerged was the idea that, in order to tackle external threats properly, an organization must work as one. Or, to put it another way, cybersecurity should be a team sport.
Insights & Observations
In my opening remarks at the event, I shared some intelligence based on the conversations I have had with senior security practitioners over the last year. Accordingly, I explained that we have found that 75% of firms had been hit by a ransomware attack in the previous 12 months. Of those, around 48% fell victim. More concerning still, 23% were hit multiple times.
Prevention is Better Than a Cure
To address the threat, companies should look at resolution through the lens of ‘methodology, technology and culture,’ or, perhaps more simply, through ‘people, processes and technology.’ It is and always has been a multi-layered approach to achieving success. In countering ransomware, nothing is likely to beat hard work. If you rehearse and rehearse prevention and disaster recovery, at the end of the day good habits become as natural as “muscle memory.”
Paying a Ransom is Never a Strategy
During the event I argued several times that “Paying for ransomware recovery is not a strategy.” Nor is insurance, for that matter. It turns out that only 1 of 7 customers gets their data back once attacked. The rest will have their data partially returned. One IT leader at the evening event mentioned that hackers optimize their business by selling data on the dark side after they have been paid the ransom. This proved my point even further, because neither payment nor insurance can mitigate reputational damage or prevent customer or client data from ending up on the dark web. Instead, there is a need for better readiness and resilience in the data center landscape with multiple escape routes.
Wrapping the Evening with Best Practices
At the end of this invigorating evening, attendees were invited to share their best practices. Among the suggestions, preparation and repetition came up time and again. Training exercises that are “targeted and focused” are the best approach, one attendee insisted. These should include mock attacks and exercises that demonstrate you are capable of recovering data. They should also involve key suppliers.
One attendee suggested we rethink the language we use to describe these events. “Disaster recovery,” for example, has a negative connotation. Better to use “business continuity,” which is both positive in outlook and speaks directly to the non-technical business leaders who need to champion the best efforts of the cyber teams. In other words, language matters.
The Goal is Data and Backup
As one of the attendees rightly said, hackers target data and backup systems as these systems may contain sensitive information or valuable assets. By compromising data and backup systems, hackers can steal confidential information, disrupt operations by stopping applications, or demand a ransom to restore access to the data.
This can give hackers the best starting point for negotiation. Therefore, it is important for organizations to implement strong security measures and backup strategies to protect their data and systems from potential attacks. This includes implementing encryption of sensitive data, immutable capacity, regularly backing up data to secure off-site locations, and implementing access controls to limit unauthorized access to backup systems.
Your Safety Net Against Ransomware Attacks
Participants concurred that it’s imperative to get the basics right in IT. The backup solution at the end of the chain is your last safety net, but there is much to get in place before then. There needs to be a focus on mitigation rather than recovery, with a holistic view of an organization’s ransomware strategy. Let’s face it, the cost of a ransomware attack is so enormous that mitigating that risk with a well-prepared solution that can repel attacks makes sense every way you look at it. This is possible with a modern, elegant approach to data and a second layer of immutable storage to protect your most vital data assets.
Escape Routes
Hitachi Ops Center can provide ransomware mitigation that helps customers guard their data assets. It orchestrates the replication between on-premises, near cloud, as well as public clouds to provide backups of the data. By creating an immutable storage environment with object storage, critical copies of data are “locked down” either in the near cloud or public cloud to ensure that ransom attacks don’t encrypt your data.
We at Hitachi Vantara actually have a lot of insights and guidance for taking the first steps in keeping data safe.